AMENDMENTS TO THE CLAIMS

1. (Currently Amended) An access system for a computer site, comprising

a certificate authentication component to verify a user's identity from a digital certificate 
supplied by the user, 

a directory, coupled to the certificate authentication component, to [[store information
representative of a plurality of users, said information including an access policy for each user]]
maintain an account for each user, each account containing an access policy specifying at least
one portion of the computer site to which the corresponding user is permitted access, and

an access control system, coupled to the directory, for controlling access to [[a]] the 
computer site by permitting the user to access a portion of the computer site and restricting the 
user from accessing at least one other portion of the computer site, based on the access policy 
associated with the user in the directory. 

2. (Original) An access system as in claim 1, wherein the access policy includes
information representative of a portion of the computer site to which the user is permitted access. 

3. (Original) An access system as in claim 1, further comprising

a certificate authority component, coupled to the certificate authentication component, to 
issue digital certificates to the user. 

4. (Original) An access system as in claim 1, further comprising 

a log system, coupled to the certificate authentication component, to record the user's 
actions in the computer site. 

5. (Original) An access system as in claim 1, further comprising

a transaction authentication system, coupled to the certificate authentication component, 
to provide verified records of transactions performed using the computer site. 

6. (Original) An access system as in claim 5, wherein the transaction authentication system 
includes a digital signing module for validating transactions. 

7. (Original) An access system as in claim 1, wherein the computer site is an extranet.

8. (Currently Amended) A method of regulating access to a computer site, comprising 
receiving from a user a request to access a computer site or a portion thereof, 
receiving information representative of the user's identity, 

consulting a directory containing an account for each user, each account containing an
access policy specifying at least one portion of the computer site to which the corresponding user
is permitted access [[information representative of a plurality of users, said information including
an access policy for each user]], to determine whether the user is permitted to access the computer
site or portion thereof, and

controlling access to the computer site by permitting the user to access a portion of the 
computer site and restricting the user from accessing at least one other portion of the computer 
site, based on the access policy for the user. 

9. (Original) A method as in claim 8, wherein consulting a directory includes checking the 
access policy to determine a portion of the computer site to which the user is permitted access. 

10. (Original) A method as in claim 9, wherein the receiving a request includes receiving a
URL address for a site within the computer site. 

11. (Original) A method as in claim 8, wherein receiving information representative of the
user's identity includes receiving a password, a retinal scan, a fingerprint, or a document capable 
of being decrypted by a public key. 

12. (Original) A method as in claim 8, wherein receiving information representative of the
user's identity includes receiving a digital certificate. 

13. (Currently Amended) An access system for a computer site, comprising 
means for verifying a user's identity from a digital certificate supplied by the user, 
means, coupled to the means for verifying a user's identity, for [[storing information
representative of a plurality of users, said information including an access policy for each user]]
maintaining an account for each user, each account containing an access policy specifying at
least one portion of the computer site to which the corresponding user is permitted access, and

means, coupled to the means for storing information, for controlling access to a computer 
site by permitting the user to access a portion of the computer site and restricting the user from 
accessing at least one other portion of the computer site, based on the access policy associated 
with the user in the means for storing information. 

14. (Original) An access system as in claim 13, wherein the means for storing information 
includes information representative of a portion of the computer site to which the user is 
permitted access.

15. (Original) An access system as in claim 13, further comprising

means, coupled to said means for verifying a user's identity, for issuing digital certificates 
to the user. 

16. (Original) An access system as in claim 13, further comprising 

means, coupled to said means for restricting access, for recording the user's actions in the 
computer site. 

17. (Original) An access system as in claim 13, further comprising

means, coupled to said means for verifying a user's identity, for storing verified records 
of transactions performed using the computer site. 